Normal request:
{"username": "admin", "password": "admin"}
payload8:
{"username": 'admin', "password": 'admin'}
If the strings are changed to single quotes and the error shown above is returned, the parser is Jackson. fastjson does not raise an error here:
1.2.4 Extra-member detection method
Normal request:
{"username": "admin", "password": "admin"}
payload9:
{"username": "admin", "password": "admin", "test": 1}
If the error below is returned, the parser is Jackson:
fastjson does not raise an error for the extra member; here we request the doLogin route to verify:
POST /doLogin?username=admin&password=admin&test=1&rememberme=remember-me HTTP/1.1
Host: 10.0.47.4:8888
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=8D9951E527FEE008DB7B874D70636D86
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
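Both probes above work because Jackson's defaults (no single-quoted strings, fail on unknown properties) differ from fastjson's, and the application hands the resulting parse exception back to the client. The following added example, not part of the original article, reproduces the two probes against a Jackson ObjectMapper with default settings and with the two tolerant features switched on, so a defender can see exactly which responses the parser configuration discloses; the Login class and probe strings are assumptions built from the page's login body.

```java
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;

public class JsonProbeCheck {
    // Assumed target type matching the login body on the page.
    public static class Login {
        public String username;
        public String password;
    }

    // The two probes from the page (constructed here as string literals):
    // payload8 uses single-quoted strings, payload9 adds an extra member.
    static final String[] PROBES = {
        "{\"username\": 'admin', \"password\": 'admin'}",
        "{\"username\": \"admin\", \"password\": \"admin\", \"test\": 1}"
    };

    // Returns what the client would learn from the parse attempt.
    static String outcome(ObjectMapper mapper, String body) {
        try {
            mapper.readValue(body, Login.class);
            return "accepted";
        } catch (Exception e) {
            // Jackson default: JsonParseException for payload8,
            // UnrecognizedPropertyException for payload9.
            return "rejected (" + e.getClass().getSimpleName() + ")";
        }
    }

    public static void main(String[] args) {
        ObjectMapper strict = new ObjectMapper(); // Jackson defaults
        ObjectMapper lenient = new ObjectMapper()
            .configure(JsonParser.Feature.ALLOW_SINGLE_QUOTES, true)
            .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
        for (String probe : PROBES) {
            System.out.println("probe:   " + probe);
            System.out.println("default: " + outcome(strict, probe));
            System.out.println("lenient: " + outcome(lenient, probe));
        }
    }
}
```

Whichever features are enabled, the exception class name and message should not reach the client; a uniform 400 response is what removes the fingerprint.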